CVE-2019-25720

This CVE affects Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL). The vulnerability is a denial-of-service caused by processing a malformed network packet, allowing an unauthenticated attacker to reboot the monitor. Repeated malformed packets can disrupt patient ...

CVE-2019-25720 Dräger SC Monitoring Devices DoS via Malformed Network Packet

Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packet...

CVE-2019-25722

Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...

CVE-2019-25722 Dräger SC Monitoring Devices Hard-coded Credentials and DoS

Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...

CVE-2019-25722 Dräger SC Monitoring Devices Hard-coded Credentials and DoS

Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...

EUVD-2019-20158

Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...

Astra Linux - уязвимость в opensc

Before version 0.20.0-rc1, OpenSC had a buffer overflow vulnerability related to accessing an ASN.1 bitstring within decodebitstring in the libopensc/asn1.c file...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Input: imxsckey – fixed memory corruption upon unloading. It should be labeled as “priv”, but we accidentally passed “&priv”, which is an address in the stack. This can lead to memory corruption when the imxsckeyaction function i...

CLSA-2026-1779101894 opensc: Fix of CVE-2023-40661

CVE-2023-40661: fix multiple smartcard pkcs15init buffer overflows, underflows and out-of-bounds writes scpkcs15initrmdir, setcoscreatekey, cosmnewfile, cosmcreatekey, scpkcs15getlastupdate, iasecc-sdo, entersafe, epass2003 keygen...

Unity Linux 20.1070e Security Update: opensc (UTSA-2026-017704)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017704 advisory. The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in scpkcs15emugemsafeGPKinit. Tenable has extracted the...

CVE-2026-8063

An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...

Astra Linux - уязвимость в opensc

The contextcreate function in ctx.c, within libopensc in OpenSC 0.19.0, has a memory leak, as evidenced by a call from eidenv...

CVE-2026-6378

The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/maxi-blocks/v1.0/style-card REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the scstyles parameter. This makes it possible...

CVE-2026-5767

The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slideShowProSC shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-5767

The CVE-2026-5767 entry concerns the WordPress SlideShowPro SC plugin (vulnerable up to 1.0.2). It enables a Stored Cross-Site Scripting flaw through the slideShowProSC shortcode’s album attribute, allowed for authenticated users with contributor-level access and above. The vulnerability arises f...

CVE-2026-5767 SlideShowPro SC <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'album' Shortcode Attribute

The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slideShowProSC shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin SlideShowPro SC 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012991)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012991 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: imxsckey - fix memory corruption on unload This is supposed to be priv but we accidentally...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011236)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011236 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: imxsckey - fix memory corruption on unload This is supposed to be priv but we accidentally...

Malicious Package

Overview pt-sc-demo-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...